Richard Megginson wrote:
Del wrote:
> Rich Megginson wrote:
>
>> We hope to have another binary release by the end of the week. We've
>> just got a couple of bug fixes to go.
>
>
>
> Hi Rich,
>
> <prod>!
>
>
http://directory.fedora.redhat.com/wiki/Download has pointers to new
> releases (Fedora Directory Server 1.0) but the links all give me 404's.
>
> So are we getting closer to that binary release?
Closer . . .
You do realize that MD5 has been _fully_ broken now, don't you? And I'm
not talking about dictionary attacks; I'm talking about a fast
mathematical attack vector on the algorithm itself.
An interesting demonstration here:
http://www.doxpara.com/?q=node&from=10
Collision generators here:
http://www.stachliu.com/collisions.html
The new and improved collision generator:
http://www.stachliu.com/md5coll.c
"Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour"
- out of reach for most people
"New average run time on P4 1.6ghz PC - 45 minutes"
- within reach for nearly everyone
Now, storing md5 doesn't seem much safer than storing crypt.
--
mike